[RPI4] Cryptab do not work

This forum is for topics dealing with problems with software specifically in the ARMv7h repo.

[RPI4] Cryptab do not work

Postby PowaBanga » Tue Apr 06, 2021 12:05 pm

Hi everybody,
I had on my raspberrypi3 2 HDD. One is a simple 4To formated in ext4, the other is a 500Go crypted with luks.
I had no problem to mount them with crypttab and fstab.

Today, i have a raspberrypi4, i want to mount my hdd on. So, i edited my cryptab and fstab files on my rpi4 in the same way as my rpi3. If I comment the lines about my HDD 500 Go, the rpi4 start normaly, but if I uncomment them, the rpi4 ask to me my password on start. I do not have any keyboard for now, so I can't type it myself.

Me, I need my HDD 500Go on my rpi4, so it's a problem.

Here is my cryptab :
Code: Select all
# Configuration for encrypted block devices.
# See crypttab(5) for details.

# NOTE: Do not list your root (/) partition here, it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf).

# <name>       <device>                                     <password>              <options>
# home         UUID=b8ad5c18-f445-495d-9095-c9ec4f9d2f37    /etc/mypassword1
# data1        /dev/sda3                                    /etc/mypassword2
# data2        /dev/sda5                                    /etc/cryptfs.key
# swap         /dev/sdx4                                    /dev/urandom            swap,cipher=aes-cbc-essiv:sha256,size=256
# vol          /dev/sdb7                                    none
#500go  PARTUUID=0004a183-01    /etc/500go


I put my password in the file "/etc/500go", it was working on rpi3.
Code: Select all
my fstab

cat /etc/fstab
# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>
/dev/mmcblk0p1  /boot   vfat    defaults        0       0
PARTUUID=1a9b99a2-06a8-4050-85d2-5c9ad30955f1   /media/4to      ext4    defaults0       0
#/dev/mapper/500go      /media/Mypassport       ext4    defaults        0      0
/media/4to      /home/powabanga/4to     none    defaults,bind   0       0
#/media/Mypassport      /home/powabanga/500go   none    default,bind    0      0


luksdump on my HDD 500Go

Code: Select all
cryptsetup luksDump /dev/sdb1
LUKS header information for /dev/sdb1

Version:          1
Cipher name:      aes
Cipher mode:      xts-plain64
Hash spec:        sha256
Payload offset:   4096
MK bits:          256
MK digest:        a2 51 a7 d0 b2 30 64 d6 63 dc 93 17 58 79 1c 2e 0f 0d 4b 3d
MK salt:          cd 96 be b3 fe 0a 2c a7 b6 02 c9 3a f9 18 c4 b0
                  8d b3 e7 00 6f 10 e5 f0 46 5f 6e ce 47 ba 55 b7
MK iterations:    173750
UUID:             e00ea308-5aba-47e3-a8e6-8e6cd6760b50

Key Slot 0: ENABLED
   Iterations:            1368982
   Salt:                  8a 67 26 4d 2b cc a9 c6 b0 5d a2 30 d6 63 00 b7
                            8c 18 31 2f 91 c2 e3 81 ce 6a 0e 59 23 f6 a3 a1
   Key material offset:   8
   AF stripes:               4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Code: Select all
ls -l /etc/500go
-rwxrwxrwx 1 root root 15 Feb 18 17:02 /etc/500go

If anybody can help, you really are welcome ! smile
PowaBanga
 
Posts: 15
Joined: Thu May 31, 2018 2:04 pm

Re: [RPI4] Cryptab do not work

Postby ufo6000 » Wed Apr 07, 2021 9:37 am

I put my password in the file "/etc/500go", it was working on rpi3.


In your posted cryptab there is no reference to this file, so your password file is not used.
ufo6000
 
Posts: 62
Joined: Fri Jan 22, 2016 7:54 pm

Re: [RPI4] Cryptab do not work

Postby PowaBanga » Wed Apr 07, 2021 10:55 am

the last line is yet the reference to ththe /etc/500go file no ?
PowaBanga
 
Posts: 15
Joined: Thu May 31, 2018 2:04 pm

Re: [RPI4] Cryptab do not work

Postby ufo6000 » Wed Apr 07, 2021 11:17 am

yes, sorry, I have not seen the last line :-(

What happens, if you boot with disabled crypttab, and then invoke later the manual encryption, e,g, remote over ssh:

sudo cryptsetup open /dev/disk/by-partuuid/0004a183-01 500go --key-file /etc/500go

where PARTUUID=0004a183-01 from crypttab syntax matches /dev/disk/by-partuuid/0004a183-01 here.
ufo6000
 
Posts: 62
Joined: Fri Jan 22, 2016 7:54 pm

Re: [RPI4] Cryptab do not work

Postby PowaBanga » Wed Apr 07, 2021 2:36 pm

So, i precise, my password is wrotte in clear in the file /etc/500go ...
Code: Select all
cryptsetup open /dev/disk/by-partuuid/0004a183-01 500go --key-file /etc/500go
No key available with this passphrase.
PowaBanga
 
Posts: 15
Joined: Thu May 31, 2018 2:04 pm

Re: [RPI4] Cryptab do not work

Postby ufo6000 » Wed Apr 07, 2021 5:53 pm

a) check out, if you are affected by this bug, long password + specific kernel version:
https://gitlab.com/cryptsetup/cryptsetup/-/issues/627

b) check, if you have migrated the password from old to new system correct.
Did you copy the file or did you re-created it with an editor ?
compare "md5sum -b /etc/500go" on old versus new system.
ufo6000
 
Posts: 62
Joined: Fri Jan 22, 2016 7:54 pm


Return to ARMv7h

Who is online

Users browsing this forum: No registered users and 4 guests